You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Currently have (all updated and run in normal and safe modes):McAffe antivirusAd-awarespy-botZone AlarmWindows startup inspectorpopup stopper

Manually deleted startup exe. programs that were showing up in the Startup inspector program I have, but they just keep coming back as a different name.

Typical redirects and mcaffe pop's up the usual Trojan warnings when trying to open IE (different names all the time), adding web sites to my favorites folder.

After some searching online, I installed:

CWShredder: Seemed to find some things the other spyware programs didn't, but ultimately didn't fix the problem.No-adware: Same as above (paid $30 for this 'cos some forum said it would fix all 3 main versions of the CWS spyware). No luck.

So now I've come to this...downloaded the hijack this and here it is (crossed fingers), run in normal (not in safe mode):

WIth ALL windows and browsers, including this one, CLOSED, click 'Fix checked'

- Run CWShredder and click FIX

- Run Ad-Aware SE*Click on 'Check for updates now'*Install any available updates*Click 'Scan now'*Choose 'Perform full system scan'

- Allow the scan to complete

- Ad-Aware will then present a list of anything found * Right-click on any entry in the list and click "Select All" to select the whole list.*Click "Next" and choose "OK" at the prompt to quarantine and remove the objects

Ok, did exactly as you instructed...and thanks for the very thorough instructions!

Some notes in case it's helpful:> CWShredder didn't find anything> Ad-Aware Did find quite a few>CCleaner cleaned up quite a bit>Panda-scan found 3 and said it fixed them...although not too sure, here's the report:

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

Any reason you have not kept up with your critical updates from Microsoft?

Please let me know if things are still good on your end and I will provide you with some products and advice that will armor your PC against future infection.

Ok, I deleted the apppp.dll , it's a goner now.

As for not doing Microsoft critical updates: I've had some problems in the past with some of the updates over the years so I've basically stayed with what I have now 'cos my computer never crashes and is very stable....with the exception of this hijack browser incident. I'm afraid to update since I'm basically rock solid for over a year now. But if you really think it's necessary....then I will do.

Everything looks back to normal....thanks so MUCH!

As for protection: Well, you know what I have now....I'm thinking of asking for my $$$ back on the NoAdware program, what do think of it? I don't trust that company (I think they are in cahoots with the spywares).

This CWS variant can delete some files. Using windows explorer, check to make sure these files are present.control.exerundll32.exewmplayer.exemsconfig.exenotepad.exe - Make sure it will runshell.dllSDHelper.dll - If you have Spybot Search and Destroy installed

If any of these files are missing or not working you can download them from HERE Be sure to follow the instructions for your OS.

Should I run CWShredder and CCleaner regularly?

It won't hurt, but remember CWShredder is used against CoolWebSearch and only certain variants of this infection. CCleaner is a good tool to use for cleaning out your IE cache and temp folders. See HERE for more info.

As for protection: Well, you know what I have now....I'm thinking of asking for my $$$ back on the NoAdware program, what do think of it? I don't trust that company (I think they are in cahoots with the spywares).

Because of all the false positives this program used to generate, it was once considered a rouge program by the security community and not recommended. They have since addressed this problem and it has now been removed from the the list of rouge programs. See HERE

In my opinion, the free products like Ad-Aware SE and Spybot Search and Destroy still do a much better job then NoAdware ever has.

As for not doing Microsoft critical updates: I've had some problems in the past with some of the updates over the years so I've basically stayed with what I have now 'cos my computer never crashes and is very stable....with the exception of this hijack browser incident. I'm afraid to update since I'm basically rock solid for over a year now. But if you really think it's necessary....then I will do.

I hear you. I break out in a cold sweat when updating. In XP you have the ability to set a restore point to return to if things go south. Not so with 2000. Those critical updates plug quite a few security holes and I would be remiss in not recommending them. It is of course entirely up to you.

Here a a few free programs that will help to armor your PC against future infections.

SpywareBlaster:It will prevent spyware from being installed and consumes no system resources.SpywareBlaster